Block direct access to a directory and create condition to free access with . htacess

Asked

Viewed 3,308 times

8

I have this for when:

  • Request is not an existing file OR
  • Request ends with . php

RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteRule ^(.*)$ http://login/sites/?request=$1 [L]

I don’t understand almost anything about htacess, could anyone help me to, other than block off access, release through some condition, for example via GET, or better still via $_SESSION, access to a folder?

Action: When trying to access a folder directly, it would be redirected to a login page and after logging in it could access the folder freely through the url.

  • No one????????

  • you want to free access to the objects contained in the folder for a specific user, type it can make a request to a particular php page or a set of pages within a folder, that’s it?

  • HTTP authentication? http://httpd.apache.org/docs/2.2/howto/auth.html

  • Yes! Before I block and then release with this request!

  • @Lucas, HTTP authentication with mod_ssl? Like I have to mess with the terminal? If so, isn’t that it.

  • I had to use the terminal to create the password file. And it was about ssl yes

  • Know how to pass PHP parameters, via GET, for a variable there in htacess?

  • 1

    I think you do. Have a look here http://zenverse.net/capture-query-string-get-data-in-htaccess-rewrite/

Show 3 more comments

2 answers

4


The ideal is to have a forwarding to the index.php page, or another, which serves as an entry page to the site.

The validation logic should be placed inside this page. If there is no $_SESSION set when index.php is executed, redirect to a login page.

In index.php you may have something like this:

$loginURL = "http://www.domain.tld/login.php"; // substituir por URL real
if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
if (!isset($_SESSION['Login'])) {
  // redirecciona para páginda de login
  header("Location: {$loginURL}");
}

0

Look if it helps you, this . htaccess from here we use in our Framework:

RewriteEngine On
RewriteCond public/$1 -F
RewriteRule (.+) public/$1 [L]
RewriteCond $0 !^(index\.php|public/)
RewriteRule (.*) index.php/$1 [QSA]

It does the following, everything will be directed to index.php however if it is in the /public and the file exists, PHP file does not run in the /public, it displays, but if the file does not exist it executes index.php

  • I wanted a condition for when there’s a session. It’s like?

Browser other questions tagged

You are not signed in. Login or sign up in order to post.